This topic contains 64 replies, has 3 voices, and was last updated by Anonymous 4 years, 2 months ago.
Hi Jack C.,
Thanks for your detailed input. We are considering various ways of supporting the “multiple password” paradigm, without making things more complicated for normal use, or risk of data loss (that’s a real danger with version 1 – people do forget their passwords, this risk is reduced when the number of passwords is reduced).
Jack C.
The program is very good all around, so I hope an option of multiple passwords wouldn’t corrupt your full concept of implementation. Seems doable but I’m not a programmer.
For forgetful users, you could just include a strong liability disclaimer before first use, as seems to already exist. I consider any password app to be a case of “Use at your own risk of absent-mindedness!” There will always be fools who want to blame the software but such is life.
I’m testing the standalone v2 again as I write this. I know the right-click options for the installer version are very similar to v1 and the separate window isn’t always needed. Add a custom password function for each right-click and it’s a done deal.
Thanks for the replies.
Hello Jack C.,
Thank you for your insightful and detailed comments. We, and I, really appreciate this type of dialog with real users of our software. It’s how we keep doing things which are good, and improve the things we can do better. Without input like yours, it’s so much harder to decide how to continue developing AxCrypt.
Here’s the issue for password-based sharing, if you’d like to follow it to get advance info when it’s coming into AxCrypt: https://bitbucket.org/axantum/axcrypt-net/issues/131/add-sharing-password .
Jack C.
Svante, I don’t have an account to comment on that Bitbucket link offhand, but I’m all for it! Looks like it’s been conceived of for several years now (https://preview.tinyurl.com/ax-oldcomments).
Of course it must be done without compromising the program overall. Please go for it. Your overall interface is top-notch compared to others.
Anonymous
Just want to post again about how much I HATE the new version of AxCrypt.
Just typical these days where software only seems to get worse and companies/developers don’t really care what the users want/like/need.
Daniel
Just want to post again about how much I HATE the new version of AxCrypt.
Just typical these days where software only seems to get worse and companies/developers don’t really care what the users want/like/need.
There’s no point in commenting again.
A development decision has been made and if you’re unhappy there’s nothing stopping you looking elsewhere because the overwhelming majority of users love AxCrypt 2.
Hello Anonymous,
You wrote:
Just typical these days where software only seems to get worse and companies/developers don’t really care what the users want/like/need.
For what it’s worth, I do really care what the vast majority of users want/like/need – and I listen all the time. This is not quite the same as responding to every user’s wants/likes/needs. As the lead developer I also have a vision about what I want the software to do, and when that comes into conflict with individual users, well… I win ;-) I’m happy to develop features that only target small user groups as well, but not when it conflicts with the overall goals of the software, or the majority use cases.
Finally, we’re still operating with very small resources, which also puts a natural cap on what can be done.
JustOneWhoCares
Hello everyone,
I think feedback is good and we all try to contribute. A few comments touched some good points. I used to be a fan of TrueCrypt and later, VeraCrypt and just this month I decided to try AxCrypt 2 and I find it to be easy to use, intuitive steps to decrypt and encrypt files.
I wonder why people who find themselves in this debate and require more than what AxCrypt tool provides don’t set up a process that would provide them with a multi-point system using for example two different tools, or yet an encrypt file and a password. Use in conjunction with winzip for example. (and not necessarily to include every file, just the most sensitive ones).
In my experience, most theft of data is done when the file is available, someone forgot to lock their workstation for example.
For you that needs that “extra security” you can pay for services that will provide just that. Or yet, buy a Hardware based encrypted HD with a keypad and place encrypted files within.
Security always begs for answers related to cost/benefit. And that applies to every level of security. And if you see in percentages, most breaches happened by people who already have or had access to the data, access to someone that had access to the data or “social engineering”.
I see more people losing the data for not establishing a proper set of protocols to keep their password or simply for not following the proper instructions to encrypt the data in the first place. The loss occurs for losing access to the data and not for theft.
Even experienced people with other encryption tools commit mistakes once in a while.
I think Svante is right and made a very good point. For that 1% that has the need of such “mission impossible” level of security is being naive by believing that one software alone should be the answer for all their needs. Security, especially of digital data is normally a set of protocols put in place for prevention of theft.
Even though I have not used your tool for long I already love it! – I have not seen any reason to request changes to it. It fits its purpose and the price is right!
You are even giving the chance for people to use the fruits of your hard work for free!
When I see people asking for more without paying a dime I simply do not understand.
Maybe, just maybe, it is time for them to write their own tool and make it available on the market!
Thanks for the incredible tool.
Jack C.
I’m not sure you’re getting the main reasons for dissatisfaction with v2 over v1.
The change that “irked” most users is the lack of instantly changeable passwords that v1 had. You’re now required to use just one password unless you put effort into constantly changing it, which isn’t the same as instant custom passwords. You’re also asked to integrate the program with an email address and some data (assuredly not the password itself) is kept on a server, which makes some of us nervous. We want no cloud involvement with encryption, though the email aspect of v2 can be bypassed with a trick.
V1 works as a stand-alone program and is favored by many people because it doesn’t put constraints on passwords. Many people don’t want the same password for all their encryption, similar to web logons where it’s advised to never repeat a password. We have different categories of files with different levels of privacy, along with needing to share some files with novice or elderly users who resist anything except known passwords they can type.
Also, the pseudo-container (drag & drop) aspect of v2 put off some users who found it too abstract vs. working directly on files in their native folders, but it doesn’t need to operate in that mode so that’s not a big deal for me.
The author has indicated willingness to add custom passwords in v2. I’m waiting to see how that goes, and using v1 for now.
Hello JustOneWhoCares and Jack C.,
Thanks for all the input, we do try to improve AxCrypt and make it fit as many needs as possible without making it more complicated than it has to be.
One bit of clarification concerning multiple passwords. We’re not planning to add functions to have different passwords as such, but we are planning to add a function whereby we might let users share by way of password.
Jack C.
Svante, the program is all yours and you obviously have your reasons for doing A or B. This discussion has run out of gas now.
Those who want the old version’s functionality can keep using it until some future OS fails to load it, I suppose. I do plan to eventually go with v2, but I’ll have to warm up some relatives to the concept of shared keys, etc.
Thanks for making a better encryption app than most, regardless of tastes.
Hi Jack C.,
Thanks for all the input!
RS
I would like to join everyone deriding the ‘improvements’ made in v2. It is clunky and annoying. Unless you are signed in, files do not decrypt as quickly. Every time you open a file it signs into AxCrypt and I have to constantly sign out. I don’t want any extra programs uselessly running in the background. Too many other programs already do that; I don’t need another one. And I am already sick of constantly being bombarded with useless, spam-like, pop-up messages. I want to open a file, I don’t need spam pop-ups.
If you’re that concerned with security why did you implement automatically decrypting files without making the person enter the password *every time*? Just because they’re signed into AxCrypt you bypass this necessary security step as a ‘feature’? That’s a perfect way to make people forget their passwords. Even worse, if anyone manages to get access to the computer and the user is signed into AxCrypt the person has access to encrypted files!
This logic is the same as automatically entering in a PIN number with a debit card just to be convenient. It defeats the entire purpose.
I get it. You want to force people to log into the AxCrypt website so you can track them. That doesn’t mean I have to go along with this marketing-based pseudo-design.
The only thing that makes v2 forgivable is that AxCrypt is keeping v1 available. I’m uninstalling v2 and backing up my old v1 installation files because I dread that the next step in this marketing strategy could very well be to completely stop offering v1 and force people to v2.
You can reply with whatever rationalizations you want. Until v2 is radically altered from what it currently is, I won’t be using it.
Hello RS,
Thank you for your feedback!
I’d still like to reply with some facts.
A big problem with the old AxCrypt 1 was that the *encryption* password was not in any way verified. This opened for scenarios with many different encryption passwords, as well as typos. The current AxCrypt 2 design where we keep to one encryption password that has to be verified (in a cryptographically secure manner) has drastically reduced the number of incidents with users not being able to access encrypted data due to forgotten passwords or typos. That’s a fact.
If you use AxCrypt 2 from Windows Explorer, like AxCrypt 1, the normal workflow is identical. The looks of the dialogs are different, but this is the same number of clicks and keyboard hits as when using the ‘remember this for encryption’ and ‘remember this for decryption’ in AxCrypt 1. That’s a fact.
You write that the use of the cached password feature is a security risk because “if anyone manages to get access to the computer and the user is signed into Axcrypt the person has access to encrypted files!”. That’s simply not true, unless of course you left the computer entirely logged on to Windows with AxCrypt open. If you do, you’re pretty much out of luck security-wise anyway. If you sign out, if the screen saver goes active, if the computer goes to sleep, AxCrypt will sign out. There’s also an option to set a timeout for AxCrypt, just like a screen saver.
And no, we don’t want to force people to log on to the AxCrypt site to track them. We don’t track logged on users. However, we do want to try to make AxCrypt survive and evolve. This requires money. Not even one in ten thousand donated even $10 for AxCrypt 1. I had two options – kill AxCrypt entirely, or try to find a compromise by still offering AxCrypt for free with basic features, and then add features to make it worth paying for. For payments to work, we do need some kind of account mechanism. However, the main function of the online account is to host the password manager, and the key pairs used for key sharing (sharing encrypted files without sharing passwords), and to serve as a way to validate the encryption passwords used (see above).
You are welcome to use AxCrypt 1 of course – but beware, there’s no support and no maintenance. It’s obsolete, sunsetted abandonware at this point. Use at your own risk.
Jack C.
Svante wrote: “There’s also an option to set a timeout for AxCrypt, just like a screen saver.”
That’s critical to protect a strong password that one could never simply type each time to decrypt a file. Otherwise you’d have to copy/paste from a password manager, making the process too kludgy. The whole thing has to be self-contained.
I use a local password manager and likewise all my passwords are exposed when it’s not auto-timed-out. Without awareness of a computer’s locked/unlocked status, any such passworded software is vulnerable. People are foolish if they just walk away from a computer without locking it by habit. You see this at work too often. It comes down to personal accountability vs. lawyering-up after data is compromised.
As written before, I still wish v.2 could have a “lower security” mode that allows custom passwords on the fly for low-tech relatives/friends who can’t handle shared keys or any extra effort on their part. Such people are a fact of life. Of course it’s not as simple as just adding that feature without compromising the master plan for AxCrypt.